Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/sheeplettuce/Monitor/llms.txt

Use this file to discover all available pages before exploring further.

This endpoint creates a new user account in the Monitor system. Only authenticated users with the Administrador role can create new accounts — there is no self-registration flow. The new user’s password is immediately hashed before being stored; the plaintext value is never persisted.

Endpoint

POST /api/auth/registerrequires Authorization: Bearer <token> with Administrador role. Protected by the verificarToken and soloAdmin middleware chain.

Request Body

username
string
required
Unique login name for the new user. Must not contain any whitespace characters. Returns a 400 if the username is already taken.
password
string
required
Password in plaintext. Stored as a bcrypt hash with a cost factor of 10. The plaintext value is never written to the database.
rol
string
required
Role to assign to the new user. Must be exactly one of: Administrador, Operador, Tecnico. Any other value returns a 400.
nombre
string
Optional display name for the user (e.g. full name). Stored as-is; may be null if omitted.

Example Request

curl -X POST http://localhost:3000/api/auth/register \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "nombre": "María López",
    "username": "mlopez",
    "password": "securepassword",
    "rol": "Operador"
  }'

Success Response

Status: 201 Created The response body contains the newly created user’s profile. The password_hash field is never included in the response.
id
integer
The auto-assigned unique numeric identifier for the new user.
nombre
string | null
The user’s display name, or null if nombre was not provided in the request.
username
string
The login name for the new user.
rol
string
The role assigned to the new user. One of: Administrador, Operador, Tecnico.
{
  "id": 5,
  "nombre": "María López",
  "username": "mlopez",
  "rol": "Operador"
}

Error Responses

StatusConditionResponse Body
400 Bad Requestusername, password, or rol is missing{ "error": "username, password y rol son requeridos" }
400 Bad Requestusername contains whitespace characters{ "error": "El usuario no puede contener espacios" }
400 Bad Requestrol is not one of the accepted values{ "error": "Rol inválido. Debe ser: Administrador, Operador, Tecnico" }
400 Bad Requestusername is already registered{ "error": "El username ya está en uso" }
401 UnauthorizedAuthorization header is missing, malformed, or the token is invalid / expired{ "error": "Token requerido" } / { "error": "Token inválido o expirado" }
403 ForbiddenToken is valid but the caller’s role is not Administrador{ "error": "Acceso restringido a administradores" }
Example 400 — missing required fields:
{ "error": "username, password y rol son requeridos" }
Example 400 — invalid role:
{ "error": "Rol inválido. Debe ser: Administrador, Operador, Tecnico" }
Example 400 — username already taken:
{ "error": "El username ya está en uso" }
Example 403 — caller is not an Administrator:
{ "error": "Acceso restringido a administradores" }

Passwords are stored exclusively as bcrypt hashes (cost factor 10) — the plaintext password is never saved. There is no password reset or account recovery endpoint in the Monitor API. If a user loses access to their account, an Administrator must update the user’s record directly in the database.

Build docs developers (and LLMs) love